POLICY CONTROL FOR ENCAPSULATED DATA FLOWS - Systems and methodologies are described that facilitate communicating encapsulation information for a related mobility protocol type utilized in communicating over a data flow with reduced specific implementation on the policy server to support different mobility protocol types. In this regard, encapsulation information can be transmitted to the policy server from a network gateway such that the policy server can forward the encapsulation information to a serving gateway along with policy rules related to a data flow type. The serving gateway can utilize the encapsulation information to detect and interpret the encapsulated data flow according to the policy rules. In this regard, the serving gateway can provide support (e.g. quality of service support) for the flow. The encapsulation information can relate to a mobility protocol type, an encapsulation header, an indication that encapsulation is required, parameters regarding locating an encapsulation header in a message, and/or the like.

2009-08-06

20090199269

ACCESS PROVISIONING VIA COMMUNICATION APPLICATIONS - Described herein is technology for, among other things, provisioning access to shared resources. It involves various techniques for creating accounts for recipients of communications with shared resources. Further, the resources may available by an easy to find permanent location (e.g., URL). Such a provisioning process facilitates the growth of the network as recipients are given fully featured accounts. Therefore, the technology avoids the sign up process that users would otherwise have to go through in order to access the shared resource.

2009-08-06

20090199270

IMAGE FORMING APPARATUS, IMAGE FORMING METHOD, AND STORAGE MEDIUM - A disclosed image forming apparatus includes an authentication information unit including login information of a user and an authentication key; an authentication key providing unit including the authentication key; functional units; and a functional-unit authentication unit including authentication information of the functional units and a first verification unit configured to determine whether the functional units are authenticated. Each of the functional units includes an authentication key obtaining unit for obtaining the authentication key from the authentication key providing unit if the first verification unit determines that the functional unit is authenticated. The authentication information unit further includes a second verification unit for determining whether the authentication key obtained by the authentication key obtaining unit matches the authentication key in the authentication information unit, and a login information providing unit for providing the login information to the functional unit if the second verification unit determines that the authentication keys match.

2009-08-06

20090199271

IMPLICIT POPULATION OF ACCESS CONTROL LISTS - Communication applications may include lists of users with which a user of the application communicates. If two users of a communications application each include the other user on their user lists, an implicit trust may be established between the users. For example, if user A includes user B in her list and user B includes user A in his list, then it may be determined that each user knows and/or trusts the other user. As a result, a connection or communications pathway may be automatically created between the client devices of the users to facilitate communications between the users based on the implicit trust.

2009-08-06

20090199272

AUTHENTICATION USING A TURING TEST TO BLOCK AUTOMATED ATTACKS - System and methods for authenticating a transaction between a user system and a host system are described herein. In one embodiment, the system and methods use a text-reading test (TRT) image as part of the authentication process. The TRT image is presented to the user upon initiation of a transaction by the user. Information provided by a user, via the user system, after perception of the TRT image is compared to the source information in the TRT image. If the user input corresponds to the source information, the user is authenticated and transaction is allowed to proceed.

2009-08-06

20090199273

Row-level security with expression data type - Systems, methods, and other embodiments associated with row level security for a database table are described. One example method includes detecting an access statement seeking access to a row in a database table for which row level security is active. The method includes adding a predicate to the access statement. The predicate is based on an access control expression associated with the row. The access control expression depends on an instance of an expression data type associated with the row. The method includes populating an attribute of the predicate, and controlling access to the row based on a computed value for the predicate.

2009-08-06

20090199274

METHOD AND SYSTEM FOR COLLABORATION DURING AN EVENT - A system and method for gathering data from a plurality of computer environments. The computer environments are authenticated, data is copied from the plurality of authenticated computer environments to a memory location, and access to the memory location is provided to a plurality of authenticated users. The data may be marked so that a user may determine which computer environment provided the data.

2009-08-06

20090199275

WEB-BROWSER BASED THREE-DIMENSIONAL MEDIA AGGREGATION SOCIAL NETWORKING APPLICATION - Systems and methods for social networking and digital media aggregation represented as a three-dimensional virtual world within a standard web browser are described. In one embodiment, multiple, independent groups of users interact with each other inside a dynamic, three-dimensional virtual environment. These groups may be mutually exclusive and members interact only with other members within the same group. In this manner, system architecture and server requirements may be greatly reduced, since consistent environmental state needs to be maintained only for a small number of interacting participants—typically less than one dozen.

2009-08-06

20090199276

Proxy authentication - A first application that is hosted by a first machine receives a login request from a user. The first application requests authentication verification from a second application that is hosted by a second machine. The first application authenticates the user if the user was authenticated by the second application, wherein the user can be authenticated by both the first application and the second application after having provided authentication credentials to one of the first application or the second application.

2009-08-06

20090199277

CREDENTIAL ARRANGEMENT IN SINGLE-SIGN-ON ENVIRONMENT - Apparatus and methods arrange user credentials on physical or virtual computing devices utilizing a single-sign-on framework. During use, a plurality of target environments exist for a user to logon to one or more applications thereof, including at least a personal and workplace environment. One or more roles of the user are identified per each target environment, such as a shopper in the personal environment and an engineer or manager in the workplace environment. The user has credentials per each role and are used to logon using a single-sign-on session to access the one or more applications. The credentials are stored in a secret store corresponding to the defined roles of the user per either the personal or workplace environment. Workplace policies defining the roles or synching credentials are other features as are establishing default roles or retrofitting existing SSO services. Computer program products and computing interaction are also disclosed.

2009-08-06

20090199278

System and method for authenticating a user of a wireless data processing device - A system and method for authenticating a user with a wireless data processing device. For example, a method according to one embodiment of the invention comprises: generating a new authentication code for a user at a data service, the data service communicatively coupled to a wireless device over a wireless network and to a client data processing device over a data network; transmitting the new authentication code to the wireless device; receiving a request from the user to connect to the service through the client data processing device over the data network; requesting the new authentication code from the user over the data network; receiving an authentication code entered by the user on the client data processing device over the data network; comparing the new authentication code with the authentication code entered by the user on the client data processing device; allowing access to resources on the service if the authentication code entered by the user matches new the authentication code; and denying access to resources on the service if the authentication code entered by the user does not match the new authentication code.

2009-08-06

20090199279

METHOD FOR CONTENT LICENSE MIGRATION WITHOUT CONTENT OR LICENSE REACQUISITION - Techniques for migrating content from a first set of conditions to a second set of conditions are disclosed herein. In particular, a content migration certificate is utilized to enable content migration and set forth under what conditions content may be accessed after migration. The content migration certificate may, for example, be stored as a file in a removable storage unit or transferred online once an indication that conditions have changed is received. The change in conditions may involve a new device attempting to access the content file, a new user attempting to access the content, or any other similar conditions. Access to the information in the content migration certificate may be protected by encryption so that only devices and/or users meeting the conditions of the certificate are permitted to transfer content. By accessing the content migration certificate in the prescribed manner, migration of content is enabled in a controlled and easy process.

2009-08-06

20090199280

AUTHENTICATION SERVER, AUTHENTICATION SYSTEM AND ACCOUNT MAINTENANCE METHOD - An authentication server, on receipt of a request to delete a user account, determines whether the account exists in a user authentication table. If the account exists, the authentication server deletes the account, and retrieves, from a requesters list in which information of devices from which users have to date requested user authentication is saved, an address of a device from which the user targeted for deletion has previously issued an authentication request, and issues a deletion request to that device together with account information. Similar processing to change a user account is performed in response to a change request.

2009-08-06

20090199281

METHOD AND APPARATUS FOR VIRTUAL WI-FI SERVICE WITH AUTHENTICATION AND ACCOUNTING CONTROL - A method of providing virtual Wi-Fi service with accounting and authentication control via a virtual Wi-Fi access network is provided. The method comprises: connecting a subscriber to the virtual Wi-Fi access network, wherein the virtual Wi-Fi access network comprises a plurality of individual Wi-Fi access points in communication with at least one virtual Wi-Fi access server; prompting the subscriber for an account ID and password; performing subscriber authentication at the virtual Wi-Fi access server; where the subscriber has been authenticated, establishing a Wi-Fi session for the subscriber in the virtual Wi-Fi access network and applying an accounting function to the Wi-Fi session; and notifying the virtual Wi-Fi access server when the subscriber exits from the virtual Wi-Fi network.

2009-08-06

20090199282

TECHNIQUES FOR NON-UNIQUE IDENTITY ESTABLISHMENT - Techniques for non-unique identity establishment are presented. A plurality of biometric data associated with a user is acquired from a plurality of biometric devices. The intersection of the biometric data is registered or a vector for the biometric data is registered. This information is also registered along with answers to questions provided by the user. When a user attempts to subsequently access a secure resource of a network, the retained information is compared against user-supplied biometric data and in some cases where appropriate user-supplied answers to establish an identity of the user and to authenticate the user for access to the secure resource.

2009-08-06

20090199283

WIRELESSLY RECEIVING BROADCAST SIGNALS USING INTELLIGENT CARDS - The present disclosure is directed to a system and method for wirelessly receiving broadcast signals using intelligent cards. In some implementations, a service card includes a physical interface, a communication module, memory, and a service module. The physical interface connects to a port of a mobile host device. The mobile host device includes a Graphical User Interface (GUI). The communication module wirelessly receives broadcast signals encoding content. The memory stores user information used to decrypt the encoded content independent of the mobile host device. The stored information is associated with a content provider. The service module decrypts the encoded content in response to at least an event and presents the content through the GUI of the mobile host device.

2009-08-06

20090199284

METHODS FOR SETTING AND CHANGING THE USER CREDENTIAL IN INFORMATION CARDS - An identity provider issues information cards in which the credential type and/or the credential data is not specified at the time of issuance. A card selector installs the information cards and either prompts a user for the credential at the time of installation or afterwards. The card selector updates the credential type, the credential data, and/or authentication materials associated with an information card after the information card has been installed, and informs the identity provider about the credential type, credential data, and authentication materials before the information card is used.

2009-08-06

20090199285

Systems and Methods for For Proxying Cookies for SSL VPN Clientless Sessions - The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receiving a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.

2009-08-06

20090199286

Method and appartus for network security using a router based authentication system - A router based authentication system provides packet level authentication of incoming data packets and eliminates the risk of having data packets come in to the network whose source cannot be authenticated. In Router Based Authentication System (RBAS), a prior art router is adapted with an authentication function that works in conjunction with a security function in the client. Alternatively, a new router can be built that embeds an authentication function. The router based authentication function includes: (i) an ability to receive a telephone call and verify the caller by comparing with pre-stored caller id, (ii) generate a random alphanumeric code, deliver to the caller, and save in the system, (iii) reject all packets from the client that do not have a passkey embedded in the header of the packet. The security function in the client includes (i) display of an authentication screen that may display a telephone number to a border or internal router of a computer network of a business and enables entry of the passkey made up of the telephone number of the user and the alphanumeric code, and (ii) a function that encrypts the passkey and inserts the passkey in the header of each outgoing data packet to the business.

2009-08-06

20090199287

SYSTEMS AND METHODS FOR CONDITIONAL ACCESS AND DIGITAL RIGHTS MANAGEMENT - Method and systems for migrating content from a first DRM system to a second DRM system. The content is licensed under a first license (L1) under the first DRM system and is licensed under a second license (L2) under the second DRM system, and the rights to the content under L2 are at least equal to the rights to the content under L1.

Method and System for Pervasive Access to Secure File Transfer Servers - End-to-end file transfer security for file transfer is provided over a network such as the Internet between a client, using a secure communication protocol which is pervasively available, such as HTTPS, to a secure file server which is accessible only through a secure file transfer protocol which is not pervasively available by using a secure proxy for accessing the secure file server rather than providing a protocol break merely for traversing a firewall. The secure proxy is arranged to provide a protocol conversion between the pervasively available secure protocol and the communication protocol through which the server is accessible and which is not pervasively available. By doing so, the secure proxy inherits secure functions of the secure server which thus need not be separately or independently provided in the secure proxy.

2009-08-06

20090199290

VIRTUAL PRIVATE NETWORK SYSTEM AND METHOD - One embodiment of the application provides a method and system for receiving at a gateway device a plurality of virtual private network tunnels to be routed to a Local Area Network (LAN), routing a first portion of the plurality of virtual private network tunnels to at least one slave device coupled to the gateway device, performing IPsec processing of the first portion of the plurality of virtual private network tunnels using at least one slave device, forwarding the first portion of the plurality of virtual private network tunnels after IPsec processing to at the gateway device and routing the plurality of virtual private network tunnels to the LAN.

2009-08-06

20090199291

Communication apparatus, a firewall control method, and a firewall control program - A communication apparatus used in a plurality of networks is disclosed. The communication apparatus includes a firewall which allows communication with outside of the communication apparatus when disabled, and prohibits communication with outside of the communication apparatus when enabled. Then, the communication apparatus includes a firewall control unit which acquires a first MAC address of a first default gateway provided for a predetermined specific network and a second MAC address of a second default gateway provided for a network in which the communication apparatus is being connected, and controls the firewall according to a result of comparison of the first MAC address and the second MAC address.

2009-08-06

20090199292

CONTROL DEVICE, CONTROLLED DEVICE, AND CONTROL METHOD - A control device communicating with a controlled device to control the controlled device includes a first memory to store first authentication information for activation of the controlled device, a second memory to store a key for encryption, a generator to generate third authentication information by encrypting second authentication information transmitted by the controlled device in response to the first authentication information using the key stored in the second memory, a transmitter to transmit the first authentication information or the third authentication information to the controlled device, and a memory controller to store the second authentication information or the third authentication information as first authentication information for next authentication in the first memory.

2009-08-06

20090199293

METHOD AND SYSTEM OF MANAGING USER ACCESS IN A COMPUTING SYSTEM - A method and system of managing user access in a computing system is provided. The system can include an operations controller in communication with the computing system for managing the commercial transactions of the computing system over the internet, and an access management controller in communication with the operations controller. The access management controller can receive an input comprising user roles and actions associated with the computing system. The access management controller can generate a matrix indicating a relationship between the user roles and the actions. The access management controller can provide the input to the operations controller for implementation of access rules in accordance with the relationship indicated in the matrix. The access management controller can attempt to access in the computing system at least a portion of the user roles and actions after the operations controller has implemented the access rules. The access management controller can compares the attempted access with the relationship indicated in the matrix to determine access discrepancies.

2009-08-06

20090199294

Managing Password Expiry - A method and apparatus for managing the expiration of a password. In one embodiment, the method comprises determining whether a behavior anomaly associated with an account has occurred. In response to a determination that the behavior anomaly has occurred, the method expires a password associated with the account and forces the password be changed the next time the password is presented for accessing the account.

2009-08-06

20090199295

IMAGE PASSWORD AUTHENTICATION SYSTEM OF PORTABLE ELECTRONIC APPARATUS AND METHOD FOR THE SAME - The present invention provides an image password authentication system of a portable electronic apparatus and a method for the same. An image with a plurality of image regions is stored in the portable electronic apparatus, and the image regions are selected on a touch panel to generate an authentication parameter. The authentication parameter comprises user-selected image regions, a sequence of user-selected image regions, an elapsed time of selection operation, and requested times of selection operation. The authentication parameter is stored in a database module and is used to verify a validation parameter which is generated when users select the plurality of image regions on the touch panel of the authentication system in operating the portable electronic apparatus. Hence, the image password authentication can be provided to replace the existing number-input or character-input password authentication scheme.

2009-08-06

20090199296

DETECTING UNAUTHORIZED USE OF COMPUTING DEVICES BASED ON BEHAVIORAL PATTERNS - Techniques for detecting unauthorized use (e.g., malicious attacks) of the computing systems (e.g., computing devices) are disclosed. Unauthorized use can be detected based on patterns of use (e.g., behavioral patterns of use typically associated with a human being) of the computing systems. Acceptable behavioral pattern data can be generated for a computing system by monitoring the use of a support system (e.g., an operating system, a virtual environment) operating on the computing system. For example, a plurality of system support provider components of a support system (e.g., system calls, device drivers) can be monitored in order to generate the acceptable behavioral pattern data in a form which effectively defines an acceptable pattern of use (usage pattern) for the monitored system support provider components, thereby allowing detection of unauthorized use of a computing system by detecting any deviation from the acceptable pattern of use of the monitored system support provider components.

2009-08-06

20090199297

THREAD SCANNING AND PATCHING TO DISABLE INJECTED MALWARE THREATS - An arrangement for scanning and patching injected malware code that is executing in otherwise legitimate processes running on a computer system is provided in which malware code is located in the memory of processes by extracting the start addresses of processes' threads and then searching near these addresses. Additional blocks of code in memory that are invoked by the code identified by each start address are also identified and the blocks are then matched against scanning signatures associated with known malware threads. If the entire signature can be matched against a subset of the blocks, then the thread is determined to be infected. The infected thread is suspended and in-memory modifications are performed to patch the injected code to render it harmless. The thread can be resumed or terminated to disable the protection mechanisms of the malware without causing any harm to the process in which the thread is injected.

2009-08-06

20090199298

ENTERPRISE SECURITY MANAGEMENT FOR NETWORK EQUIPMENT - The inventive device includes a dashboard or graphical user interface (GUI), a security access control (AUTH) and secure communications sub-system (SEC-COMM), network and asset discover and mapping system (NAADAMS), an asset management engine (AME), vulnerability assessment engine (CVE-DISCOVERY), vulnerability remediation engine (CVE-REMEDY), a reporting system (REPORTS), a subscription, updates and licensing system (SULS), a countermeasure communications system (COUNTERMEASURE-COMM), a logging system (LOGS), a database integration engine (DBIE), a scheduling and configuration engine (SCHED-CONFIG), a wireless and mobile devices/asset detection and management engine (WIRELESS-MOBILE), a notification engine (NOTIFY), a regulatory compliance reviewing and reporting system (REG-COMPLY), client-side (KVM-CLIENT) integration with KVM over IP or similar network management equipment, authentication-services (KVM-AUTH) integration with KVM over IP or similar network management equipment and server-side (KVM-SERVER) integration with KVM over IP or similar network management equipment.

2009-08-06

20090199299

INTEGRATED USER EXPERIENCE WHILE ALLOCATING LICENSES WITHIN VOLUME LICENSING SYSTEMS - This description provides tools for providing integrated user experiences while allocating licenses within volume licensing systems. These tools may provide methods that include sending information for presenting licensing portals at recipient organizations. The licensing portals may include representations of properties licensed by the organizations, and may include indications of how many licenses remain available for allocation. The methods may include receiving and validating licensing requests. The tools may provide other methods that include requesting and receiving information for presenting the licensing portals, as well as requesting and receiving licensing-related actions from the licensing systems. The tools may provide still other methods that include receiving requests for information to present launch portals, with these requests incorporating user identifiers for particular end-users. These methods may also populate the launch portals with representations of properties for which the end-users are licensed, and may send the information for the launch portals to licensee organizations.

2009-08-06

20090199300

WIRELESS COMMUNICATION APPARATUS AND CONFIGURING METHOD FOR WIRELESS COMMUNICATION APPARATUS - According to one embodiment, a wireless communication apparatus comprises a wireless communication module configured to carry out wireless communication, a first storage module configured to store information unique to the wireless communication apparatus, a configuration generator module configured to generate configuration information for the wireless communication module to connect to a given network based on the information stored in the first storage module, a second storage module configured to store the configuration information generated by the configuration generator module and a first display control module configured to control display of the configuration information stored in the second storage module so that a user cannot recognize the information unique to the wireless communication apparatus.

2009-08-06

20090199301

METHODS TO DEFEND AGAINST TAMPERING OF AUDIT RECORDS - Embodiments of the invention provide systems and methods for maintaining audit records for a database or other resource. According to one embodiment, a method for maintaining audit records for a database can comprise detecting an operation involving at least one record of the database. An audit record can be generated for the operation and the audit record can be stored in an audit table in the database. Insert operations and select operations for the audit table can be supported but other operations for the audit table can be prohibited. Additionally or alternatively, creation of more than one audit table having a same name and schema can be prevented.

2009-08-06

20090199302

System and Methods for Granular Access Control - A method and system for granular access control. An access control system allows a user or administrator to restrict access to electronic documents on a granular basis. Access may be restricted for individual data objects, types of objects, or even on a byte-by-byte basis. When a user attempts to access the electronic document, the access control system determines what parts, if any, of the document the user is permitted to access, and retrieves only those parts for access by the user. Data objects may include, for example, audio, video, graphics, or text.

METHOD OF GENERATING VERIFICATION DATA - To prevent dissemination of content stored on a DVD-RW disc, CPRM is provided. However, this does not provide a watertight system. The invention proposes to arrange a stream to be recorded such that the input for verification data and therefore verification data is different for different authorisation levels. Various embodiments for implementing the invention are disclosed and comprise re-arranging data packs to be recorded and/or modifying data in data packets.

Fucosyl transferase gene - A DNA molecule is provided which comprises a sequence according to SEQ ID NO: 1 having an open reading frame from base pair 211 to base pair 1740 or having at least 50% homology to the above-indicated sequence, or hybridizing with the above-indicated sequence under stringent conditions, or comprising a sequence which has degenerated to the above-indicated DNA sequence because of the genetic code, the sequence coding for a plant protein having fucosyltransferase activity or being complementary thereto.

Transgenic plants with enhanced agronomic traits - This invention provides recombinant DNA for expression of proteins that are useful for imparting enhanced agronomic trait(s) to transgenic crop plants. Also provided by this invention is transgenic seed for growing a transgenic plant having recombinant DNA in its genome and exhibiting an enhance agronomic trait, i.e. enhanced nitrogen use efficiency, increased yield, enhanced water use efficiency, enhanced tolerance to cold stress and/or improved seed compositions. Also disclosed are methods for identifying such transgenic plants by screening for nitrogen use efficiency, yield, water use efficiency, growth under cold stress, and seed composition changes. This invention also discloses a method of identifying the target genes of a transcription factor.

Promotor of Hot Pepper Which is Related to TMV-Resistance - The present invention relates to a promoter of hot pepper related to TMV-resistance, more precisely a promoter of the gene related to TMV-resistance and a method for regulating the expression of a target protein by using a transcription factor binding to the same. The method of the present invention can be effectively used for the regulation of the expression of a target protein in disease-resistant plants.

2009-08-06

20090199311

METHODS AND MEANS FOR PRODUCING HYALURONAN - The present invention relates to plant cells and plants which synthesize an increased amount of hyaluronan, and to methods for preparing such plants, and also to methods for preparing hyaluronan with the aid of these plant cells or plants. Here, plant cells or genetically modified plants according to the invention have hyaluronan synthase activity and additionally an increased glutamine:fructose 6-phosphate amidotransferase (GFAT) activity and an increased UDP glucose dehydrogenase (UDP-Glc-DH) activity, compared to wild-type plant cells or wild-type plants. The present invention furthermore relates to the use of plants having increased hyaluronan synthesis for preparing hyaluronan and food or feedstuff containing hyaluronan.

2009-08-06

20090199312

SHADE REGULATORY REGIONS - Regulatory regions suitable for directing expression of a heterologous polynucleotide under far red light conditions are described, as well as nucleic acid constructs that include these regulatory regions. Also disclosed are transgenic plants that contain such constructs and methods of producing such transgenic plants.

2009-08-06

20090199313

Non-mevalonate isoprenoid pathway - The present invention is directed to enzymes and intermediates of the non-mevalonate isoprenoid pathway downstream of 2C-methyl-D-erythritol 2,4-cyclopyrophosphate and upstream of isopentenyl pyrophosphate or dimethylallyl pyrophosphate. These are used as a basis for a screening method for inhibitors of these enzymes, and a method for identifying inhibitor-resistant variants thereof. Further disclosures refer to DNA coding for said enzymes and for inhibitor-resistant variants thereof, vectors containing said DNA, cells containing said vector, and plant seeds comprising cells containing said vector. This invention is useful for the inhibition of the biosynthesis of isoprenoids in plants, bacteria and protozoa, for conferring herbicide-resistance to plants, as well as for weed control in agriculture using a crop containing a herbicide-resistant gene and an effective amount of a suitable herbicide.

2009-08-06

20090199314

DELAYED-EFFECT AGRONOMIC TREATMENT AGENT, IN PARTICULAR FOR SEED GERMINATION AND PLANT DEVELOPMENT - Agent for the agronomic treatment of a living plant supported by a moist substrate, for example a soil, wherein said agent is in the solid and divided state, and comprises solid particles containing at least one active entity for the agronomic treatment, characterized in that each particle comprises: —a nucleus consisting of a grain of a solid material which is inert with respect to the substrate, comprising an inner developed surface area which is greater than its apparent surface area and, as a result, suitable for adsorption and/or absorption, —the active entity for agronomic treatment, absorbed into the grain and/or adsorbed at the surface of said grain, —a membrane encapsulating the nucleus comprising the active entity, consisting of at least one hydrophilic polymer which is permeable to the outside with respect to the active entity, when it is in direct or indirect contact with the moist substrate.

St. Augustinegrass plant named 'Aurora' - St. Augustinegrass plant Aurora is a new and distinct variety of perennial St. Augustinegrass cultivar, characterized by its short and narrow leaf blades, fine leaf texture, short internode length and diameter, and superior cold tolerance and turf quality. Aurora is also distinguished by its superior green plot and living ground cover characteristics.